Cisco Finesse Cross-Site Scripting Vulnerability
CVE-2019-15278

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Finesse
Vendor: CVE Published:; 26 January 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Affected Version(s)

Cisco Finesse < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Jan 26, 2020
Vulnerability Reserved
Aug 20, 2019